Microsoft Offers New Data-Security Scheme
bingly_beep writes "The BBC is reporting Microsoft's new user security measure, whereby users' sensitive information is stored on their PC rather than online, as in their previous offerings, such as Passport. This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
Erasing or otherwise formatting a hard drive doesn't do any good to eradicate personal information. I've used these guys on numerous occasions to successfully recover data from hard drives that have been formatted, imaged, etc.
If you're going to sell a computer, swap out the drive containing your data for a new one. They're cheap. Hold onto the drive that houses your data.
SiO2
I made a guide to using Eraser, which would do the same thing. http://mboverload.no-ip.org/tech/recyle.html
You're absolutely right, they shouldn't be. But they are, a great many of them, because unfortunately many 3rd-party apps, especially games, require admin rights to run properly -- and who wants to exit and log in as a different user every time they want to play a game? (Which in itself is a separate rant.)
With so many users running with admin rights, it'll be a no-brainer to compromise this particular setup.
The "Designed for XP" label requires the ability to run as a lower privileged user. I don't know how much more MS can really do to enforce it.
The problem with games is that they use low level access for copy protection tests, and need admin level to do that.
For more information check out this link.
For the lazy, here is a summary:
Many modern operating systems such as Windows XP (NTFS), Mac OS X (HFS+), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely.
There are several ways to securely wipe files when using journaling filesystems:
Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
So, basically... there is no proper way of protecting yourself from undelete data recovery methods, if you use a journalled file system, aside from keeping some thermite handy!
If you ask me, we should all be encrypting our data partitions by now!
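As an added example (not part of the original comment): a Python sketch that maps a file path to its entry in a `/proc/mounts`-format table and reports which of the options listed in the summary applies. The sample mount table, the function names, the result labels and the `encrypted_devices` parameter are assumptions made for illustration.

```python
import posixpath
import re

# Linux type names for the filesystems the summary calls journaling (ntfs/hfsplus = NTFS/HFS+).
JOURNALING = {"ext3", "jfs", "reiserfs", "xfs", "ntfs", "hfsplus"}
NON_JOURNALING = {"ext2", "vfat"}  # Ext2 and FAT32, as suggested in the summary

# Constructed sample in /proc/mounts format: device, mount point, type, options...
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home xfs rw 0 0
/dev/sda3 /home/alice/scratch ext2 rw 0 0
/dev/mapper/vault /home/alice/vault ext3 rw 0 0
/dev/sdb1 /mnt/usb\040stick vfat rw 0 0
"""

def _unescape(field):
    # /proc/mounts writes spaces and similar characters as octal escapes (\040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    rows = (line.split() for line in text.splitlines())
    return [(_unescape(r[0]), _unescape(r[1]), r[2]) for r in rows if len(r) >= 3]

def mount_for(path, entries):
    """Return the (device, mount point, type) entry with the longest matching mount point."""
    path = posixpath.normpath(path)
    best = None
    for entry in entries:
        mnt = posixpath.normpath(entry[1])
        inside = mnt == "/" or path == mnt or path.startswith(mnt + "/")
        # >= so that a later mount on the same point shadows an earlier one
        if inside and (best is None or len(mnt) >= len(posixpath.normpath(best[1]))):
            best = entry
    return best

def wipe_advice(path, entries, encrypted_devices=()):
    """Map a path to one of the options from the summary (labels are this example's own)."""
    entry = mount_for(path, entries)
    if entry is None:
        return "unknown"
    device, _mount_point, fstype = entry
    if device in encrypted_devices:      # caller states which devices are encrypted
        return "encrypted-volume"
    if fstype in JOURNALING:
        return "wipe-whole-partition"
    if fstype in NON_JOURNALING:
        return "file-overwrite-ok"
    return "unknown"
```

Filesystem types outside the two sets (anything the summary does not mention) come back as `unknown` rather than being guessed at.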
Yes and it has been for years.
But just like Mac (now) and Linux it is off by default.
One main reason is that in order to use it (on any OS) you have to use your brain. Basically you have to remember to properly handle your user data before mucking about with user accounts or you can permanently lose everything. This problem has already been demonstrated repeatedly in the Mac user space WRT iTunes downloads which are pinned to user accounts. Destroy a user account before transferring ownership of the data and you lose your songs.
Of course, this is the point. But what happens is, 99 out of 100 people that lose everything do so in situations where they didn't really want to.
Thus, use of the systems by people that don't know how they work or what the drawbacks are are more likely to have problems with their data by using the system than by not using it. So, in all cases, the EFS remains turned off by default.
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!